Skip to content

Add CycloneDX SBOM generation across all services#325

Open
jmolloy421 wants to merge 1 commit intofinos:mainfrom
jmolloy421:devin/1766452677-sbom-generation
Open

Add CycloneDX SBOM generation across all services#325
jmolloy421 wants to merge 1 commit intofinos:mainfrom
jmolloy421:devin/1766452677-sbom-generation

Conversation

@jmolloy421
Copy link

@jmolloy421 jmolloy421 commented Jan 9, 2026

  • Add CycloneDX Gradle plugin to Java services (account-service, trade-service, position-service, trade-processor)
  • Add CycloneDX dotnet tool configuration for .NET service (people-service)
  • Add @cyclonedx/cyclonedx-npm to Node.js services (trade-feed, reference-data)
  • Add SBOM generation scripts to web-front-end (Angular and React)

This enables automated Software Bill of Materials (SBOM) generation during the build process, supporting EO 14028 compliance and secure-by-design principles.

@devin-ai-integration @jmolloy421
Add CycloneDX SBOM generation across all services
e7f76ef 
- Add CycloneDX Gradle plugin to Java services (account-service, trade-service, position-service, trade-processor)
- Add CycloneDX dotnet tool configuration for .NET service (people-service)
- Add @cyclonedx/cyclonedx-npm to Node.js services (trade-feed, reference-data)
- Add SBOM generation scripts to web-front-end (Angular and React)

This enables automated Software Bill of Materials (SBOM) generation during the build process, supporting EO 14028 compliance and secure-by-design principles.

Co-Authored-By: jackmolloy@protonmail.com <jmolloy421@gmail.com>
@netlify
Copy link

netlify bot commented Jan 9, 2026

Deploy Preview for lucky-concha-f3599f canceled.

Name Link
🔨 Latest commit e7f76ef
🔍 Latest deploy log https://app.netlify.com/projects/lucky-concha-f3599f/deploys/69613c2c36063e0008ef1f7c

1 similar comment
@netlify
Copy link

netlify bot commented Jan 9, 2026

Deploy Preview for lucky-concha-f3599f canceled.

Name Link
🔨 Latest commit e7f76ef
🔍 Latest deploy log https://app.netlify.com/projects/lucky-concha-f3599f/deploys/69613c2c36063e0008ef1f7c

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jan 9, 2026

CLA Missing ID CLA Not Signed

One or more co-authors of this pull request were not found. You must specify co-authors in commit message trailer via:

Co-authored-by: name <email>

Supported Co-authored-by: formats include:

  1. Anything <id+login@users.noreply.github.com> - it will locate your GitHub user by id part.
  2. Anything <login@users.noreply.github.com> - it will locate your GitHub user by login part.
  3. Anything <public-email> - it will locate your GitHub user by public-email part. Note that this email must be made public on Github.
  4. Anything <other-email> - it will locate your GitHub user by other-email part but only if that email was used before for any other CLA as a main commit author.
  5. login <any-valid-email> - it will locate your GitHub user by login part, note that login part must be at least 3 characters long.

Please update your commit message(s) by doing git commit --amend and then git push [--force] and then request re-running CLA check via commenting on this pull request:

/easycla

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmolloy421